Depending on how you visit websites, you’ll notice the prefixes http:// or https:// appended to website address. The difference between the two is the “s” added to one of them. Some people will visit website via a saved bookmark or by typing the website name such as dignited.com on the browser’s address bar. Whichever way, most people won’t even notice these characters because the web browsers automatically adds them.
But what do these characters really mean on website names or addresses?
HTTP is short for Hypertext Transfer Protocol. It’s a set of standards that dictate exchange of website pages usually stored on a remote server on the internet. So when you type http:// followed by whatever website, you are instructing your browser to go fetch web pages of that website.
HTTP was first coined by Ted Nelson. HTTP/0.9 was the first version of the HTTP standard and was introduced in 1991. The most widely used version is HTTP/1.1 although the latest is HTTP/2.0.
Now Computers communicate through port numbers. These allow for several services to run on the same server. It’s common for one server to simultaneously run email services, serve website pages, host files etc.Port numbers are a bit like different doors of hotel rooms. Even though multiple people book the same hotel, they are assigned different hotel rooms. When you arrive at the reception, you’ll be directed and given keys to your specific room.
The http protocol requires your computer to connect to port 80 on the remote server that hosts website pages.
But what about when you are logging in to a website such as gmail or facebook? The HTTP protocol also specifies methods of not only retrieving web pages but also how to send data to remote server. The HTTP method for retrieving content is called GET while that for posting data to remote server is called POST. These are really details only your browser knows about.
Now HTTPS is a cousin to HTTP. It stands for Hypertext Transfer Protocol Secure. The “secure” term is there for a reason and it does exactly what it means. HTTPS adds an additional layer of security to your online browsing. It achieves this by encrypting, a process of terming into gibberish content such that it can’t be interpreted by anyone snooping or intercepting your surfing activities. HTTPS connects to remote host through port 443.
Notice that your browser won’t add these HTTP/HTTPS ports 80 and 443 to the website address because the browser already knows which ports to use.
HTTPS utilizes another cryptographic standard called SSL (Secure Sockets Layer) now replaced by TLS(Transport Layer Security) to provide the much needed security over computer network. To create this secure connection, an SSL certificate is installed on a remote web server that hosts website pages.
If a website doesn’t have a valid SSL certificate installed, your browser like Google Chrome will warn you with that you are indeed accessing insecure website with the “not secure” label.
If you own a website, it’s paramount that your users visit it via the secure HTTPS protocol. You should ask your website designer/developer or website hosting provider to install an SSL certificate for you which can be Free or Paid for.
Once you have an SSL certificate installed for your website, then your website will be accessible securely via https://www.yourwebsite.com. Then you must renew that certificate before it expires else your visitors won’t access your website completely. It’s likely that your hosting provider will send you reminders when it’s about to expire, but another alternative is to sign up to SSL certificate monitor service such as Site Monki to keep tabs on the status of your SSL certificate.